-rw-r--r-- | doc/TODO | 1 | ||||
-rw-r--r-- | lib/auth_cert.c | 18 | ||||
-rw-r--r-- | lib/auth_rsa.c | 3 | ||||
-rw-r--r-- | lib/gnutls_int.h | 1 | ||||
-rw-r--r-- | lib/gnutls_num.h | 4 | ||||
-rw-r--r-- | lib/gnutls_record.c | 2 | ||||
-rw-r--r-- | libextra/auth_srp.c | 5 | ||||
-rw-r--r-- | libextra/auth_srp_passwd.c | 13 | ||||
-rw-r--r-- | libextra/gnutls_srp.c | 7 | ||||
-rw-r--r-- | libextra/gnutls_srp.h | 4 |
10 files changed, 29 insertions, 29 deletions
@@ -10,6 +10,7 @@ Current list: * Add function(s) to extract the certificate key's parameters * Add PKCS-12 support * Convert documentation to texinfo format +* Merge common stuff in DHE and DHA key exchange - Add Kerberos support (+) Means high priority diff --git a/lib/auth_cert.c b/lib/auth_cert.c index 95a7b3aa14..e0bdd3997f 100644 --- a/lib/auth_cert.c +++ b/lib/auth_cert.c @@ -339,21 +339,19 @@ static int _gnutls_find_acceptable_client_cert(GNUTLS_STATE state, * using realloc(). */ do { - dataptr_size -= 2; - if (dataptr_size <= 0) - goto clear; + /* This works like DECR_LEN() */ + DECR_LENGTH_COM( dataptr_size, 2, goto clear); size = _gnutls_read_uint16(data); - dataptr_size -= size; - if (dataptr_size < 0) - goto clear; + DECR_LENGTH_COM( dataptr_size, size, goto clear); dataptr += 2; - issuers_dn_len++; - - dataptr += size; - + if (size > 0) { + issuers_dn_len++; + dataptr += size; + } + if (dataptr_size == 0) break; diff --git a/lib/auth_rsa.c b/lib/auth_rsa.c index 828fae85d2..69206aab1f 100644 --- a/lib/auth_rsa.c +++ b/lib/auth_rsa.c @@ -166,10 +166,11 @@ int proc_rsa_client_kx(GNUTLS_STATE state, opaque * data, int data_size) ciphertext.data = data; ciphertext.size = data_size; } else { /* TLS 1 */ + DECR_LEN( data_size, 2); ciphertext.data = &data[2]; dsize = _gnutls_read_uint16(data); - if (dsize != data_size - 2) { + if (dsize != data_size) { gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH; } diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h index 4a57098697..fe56cdbc6a 100644 --- a/lib/gnutls_int.h +++ b/lib/gnutls_int.h @@ -94,6 +94,7 @@ typedef const int* GNUTLS_LIST; #define DECR_LEN(len, x) len-=x; if (len<0) {gnutls_assert(); return GNUTLS_E_UNEXPECTED_PACKET_LENGTH;} #define DECR_LENGTH_RET(len, x, RET) len-=x; if (len<0) {gnutls_assert(); return RET;} +#define DECR_LENGTH_COM(len, x, COM) len-=x; if (len<0) {gnutls_assert(); COM;} typedef unsigned char opaque; typedef struct { opaque pint[3]; } uint24; 
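Review bot: In the lib/auth_cert.c hunk, the loop still reads each entry length with `size = _gnutls_read_uint16(data);`, while the pointer it advances is `dataptr`. On the visible lines, every iteration therefore re-reads the first length field instead of the current one. If `data` is not advanced elsewhere, the read should be `size = _gnutls_read_uint16(dataptr);`; otherwise the accounting in `dataptr_size` and the walk over the buffer disagree whenever the entries differ in length. The loop body and the `clear` label continue outside the hunk, so this should be confirmed against the full function.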
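Review bot: In the lib/auth_rsa.c hunk, `DECR_LEN( data_size, 2);` changes `data_size` in place, so from that line on it holds the payload length rather than the full message length. proc_rsa_client_kx continues outside the hunk, and any later use of `data_size` there should be checked against the new meaning. A short comment on the added line would make this explicit, for example `/* data_size now excludes the 2-byte length prefix */`.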
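Review bot: In the lib/gnutls_int.h hunk, `DECR_LENGTH_COM` expands to two statements, so under an unbraced `if` or `else` only `len-=x;` would be controlled and the length check would run unconditionally. Wrapping it as `#define DECR_LENGTH_COM(len, x, COM) do { len-=x; if (len<0) {gnutls_assert(); COM;} } while (0)` keeps the call sites added here working, since they end in `;` and pass `goto clear`; a `COM` of `break` or `continue` would bind to the wrapper and should not be used. The `len<0` test is only meaningful for a signed `len`, and this commit moves several sizes to `size_t`, so a comment on the macro saying `len` must be a signed type would guard against a check that can never fire. The same two points apply to `DECR_LEN` and `DECR_LENGTH_RET` on the context lines.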
diff --git a/lib/gnutls_num.h b/lib/gnutls_num.h index 4e43d4e985..5a8f8a213a 100644 --- a/lib/gnutls_num.h +++ b/lib/gnutls_num.h @@ -55,7 +55,7 @@ int _gnutls_uint64pp( uint64 *); # define rotr64(x,n) (((x) >> ((uint16)(n))) | ((x) << (64 - (uint16)(n)))) # define byteswap64(x) ((rotl64(x, 8) & 0x00ff00ff00ff00ffUL) | (rotr64(x, 8) & 0xff00ff00ff00ff00UL)) -# define uint64pp(x) ((++(*x)==0) ? -1 : 0) -# define uint64zero(x) (*x) = 0 +# define _gnutls_uint64pp(x) ((++(*x)==0) ? -1 : 0) +# define _gnutls_uint64zero(x) (*x) = 0 #endif diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 8b9b8c662c..7ef793f27c 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -477,6 +477,8 @@ static int _gnutls_check_record_headers( GNUTLS_STATE state, uint8 headers[RECOR *version = _gnutls_version_get( headers[1], headers[2]); #endif + /* No DECR_LEN, since headers has enough size. + */ *length = _gnutls_read_uint16( &headers[3]); } diff --git a/libextra/auth_srp.c b/libextra/auth_srp.c index 1dbb3649f9..89b7b36fcb 100644 --- a/libextra/auth_srp.c +++ b/libextra/auth_srp.c @@ -300,7 +300,7 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size const uint8 *data_g; const uint8 *data_s; uint8 pwd_algo; - int i, xx, ret; + int i, ret; opaque hd[SRP_MAX_HASH_SIZE]; char *username; char *password; @@ -370,11 +370,10 @@ int proc_srp_server_hello(GNUTLS_STATE state, const opaque * data, int data_size /* generate x = SHA(s | SHA(U | ":" | p)) * (or the equivalent using bcrypt) */ - if ( ( ret =_gnutls_calc_srp_x( username, password, (opaque*)data_s, n_s, pwd_algo, &xx, hd)) < 0) { + if ( ( ret =_gnutls_calc_srp_x( username, password, (opaque*)data_s, n_s, pwd_algo, &_n_g, hd)) < 0) { gnutls_assert(); return ret; } - _n_g = xx; if (_gnutls_mpi_scan(&state->gnutls_key->x, hd, &_n_g) != 0 || state->gnutls_key->x==NULL) { gnutls_assert(); diff --git a/libextra/auth_srp_passwd.c b/libextra/auth_srp_passwd.c index 078719468a..f0e5ef663b 100644 
--- a/libextra/auth_srp_passwd.c +++ b/libextra/auth_srp_passwd.c @@ -40,11 +40,10 @@ */ static int pwd_put_values( GNUTLS_SRP_PWD_ENTRY *entry, char *str, int str_size) { char * p, *p2; -int len; +int len, ret; opaque *verifier; -int verifier_size; +size_t verifier_size; int indx; -size_t xx; p = rindex( str, ':'); /* we have index */ if (p==NULL) { @@ -106,19 +105,19 @@ size_t xx; } len = strlen(p); - verifier_size = _gnutls_sbase64_decode( p, len, &verifier); - if (verifier_size <= 0) { + ret = _gnutls_sbase64_decode( p, len, &verifier); + if (ret <= 0) { gnutls_assert(); gnutls_free(entry->salt); return GNUTLS_E_PARSING_ERROR; } - if (_gnutls_mpi_scan(&entry->v, verifier, &xx)) { + verifier_size = ret; + if (_gnutls_mpi_scan(&entry->v, verifier, &verifier_size)) { gnutls_assert(); gnutls_free( entry->salt); return GNUTLS_E_MPI_SCAN_FAILED; } - verifier_size = xx; gnutls_free( verifier); diff --git a/libextra/gnutls_srp.c b/libextra/gnutls_srp.c index 6e638018d1..d1b1a422df 100644 --- a/libextra/gnutls_srp.c +++ b/libextra/gnutls_srp.c @@ -36,17 +36,16 @@ */ -int _gnutls_srp_gx(opaque * text, int textsize, opaque ** result, GNUTLS_MPI g, +int _gnutls_srp_gx(opaque * text, size_t textsize, opaque ** result, GNUTLS_MPI g, GNUTLS_MPI prime) { GNUTLS_MPI x, e; size_t result_size; - if (_gnutls_mpi_scan(&x, text, &result_size)) { + if (_gnutls_mpi_scan(&x, text, &textsize)) { gnutls_assert(); return GNUTLS_E_MPI_SCAN_FAILED; } - textsize = result_size; e = _gnutls_mpi_alloc_like(prime); if (e==NULL) { @@ -259,7 +258,7 @@ int _gnutls_calc_srp_sha(char *username, char *password, opaque * salt, } int _gnutls_calc_srp_x(char *username, char *password, opaque * salt, - int salt_size, uint8 crypt_algo, int *size, void* digest) + size_t salt_size, uint8 crypt_algo, size_t *size, void* digest) { switch (crypt_algo) { diff --git a/libextra/gnutls_srp.h b/libextra/gnutls_srp.h index 5f13abd7c1..e43140803f 100644 --- a/libextra/gnutls_srp.h +++ b/libextra/gnutls_srp.h 
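Review bot: In the second libextra/auth_srp_passwd.c hunk, the `_gnutls_mpi_scan` failure branch frees `entry->salt` but not `verifier`. That buffer appears to be allocated by `_gnutls_sbase64_decode` and is released with `gnutls_free( verifier);` only on the success path. Adding `gnutls_free(verifier);` before `return GNUTLS_E_MPI_SCAN_FAILED;` closes the leak for password-file entries whose verifier fails to parse. pwd_put_values starts and ends outside the hunk.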
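Review bot: In the libextra/gnutls_srp.c hunks, `_gnutls_calc_srp_x` now takes `size_t *size`, and the only call site updated in this commit is the one in libextra/auth_srp.c. Any other caller that still passes the address of an `int` would have the callee store a `size_t` through it, which overruns the variable where `size_t` is wider than `int`. Callers are outside the visible hunks, so this needs a check across the tree. For `_gnutls_srp_gx`, `textsize` is now handed by address to `_gnutls_mpi_scan`; a comment such as `/* textsize is passed to _gnutls_mpi_scan by address and may be updated by it */` would document that. Callers holding a signed length should reject negative values before the implicit conversion to `size_t`.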
@@ -1,12 +1,12 @@ #ifdef ENABLE_SRP -int _gnutls_srp_gx(opaque *text, int textsize, opaque** result, MPI g, MPI prime); +int _gnutls_srp_gx(opaque *text, size_t textsize, opaque** result, MPI g, MPI prime); MPI _gnutls_calc_srp_B(MPI * ret_b, MPI g, MPI n, MPI v); MPI _gnutls_calc_srp_u( MPI B); MPI _gnutls_calc_srp_S1(MPI A, MPI b, MPI u, MPI v, MPI n); MPI _gnutls_calc_srp_A(MPI *a, MPI g, MPI n); MPI _gnutls_calc_srp_S2(MPI B, MPI g, MPI x, MPI a, MPI u, MPI n); -int _gnutls_calc_srp_x( char* username, char* password, opaque* salt, int salt_size, uint8 crypt_algo, int* size, void* digest); +int _gnutls_calc_srp_x( char* username, char* password, opaque* salt, size_t salt_size, uint8 crypt_algo, size_t* size, void* digest); int _gnutls_srp_gn( opaque** ret_g, opaque** ret_n, int bits); /* our prime */ |